[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    RE: Unable to start RADIUS (Permissions)
From:       "Smith, James" <james.smith () saabsensis ! com>
Date:       2017-11-17 15:21:16
Message-ID: EEE5E645A16A9D45B172BBF86723B76C667B437C () corpmail01 ! corp ! sensis ! com
[Download RAW message or body]

Hi Alan, 
Thank you for the reply. You guys were all correct in that it was a OS problem. I \
found out that some permissions at a higher lever were changed and that looks to be \
what was causing the problem. There must have been files in a location other than \
/etc/raddb that had their permissions changed and it was preventing the radiusd user \
from accessing what it needed. 

Thanks for the insight and help. 
Jim 

-----Original Message-----
From: Freeradius-Users \
[mailto:freeradius-users-bounces+james.smith=saabsensis.com@lists.freeradius.org] On \
                Behalf Of Alan Buxey
Sent: Wednesday, November 15, 2017 12:26 PM
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: Re: Unable to start RADIUS (Permissions)

Hi

Just ensure that all the files are readable by the user the Daemon runs as
- radiusd?

alan

On 15 Nov 2017 5:16 pm, "Smith, James" <james.smith@saabsensis.com> wrote:

> Hello,
> I've attached output from a radius -X command in a text file to 
> provide more information as to what's going on.
> 
> I'm receiving the following error:
> # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> files {
> filename = "/etc/raddb/mods-config/files/authorize"
> Unable to open file "/etc/raddb/mods-config/files/authorize": 
> Permission denied
> }
> /etc/raddb/mods-enabled/files[9]: Invalid configuration for module "files"
> 
> For /etc/raddb/mods-config/files/authorize I tried to make the 
> permissions r-w-x for root and radius group and read for all other users...
> so 774 but I'm not having any luck getting radius to start. When I try 
> to give full permission for testing (777), I get the same error.
> 
> I also tried to change /etc/raddb/mods-available/files to 777 just to 
> test and I receive the following:
> 
> Configuration file /etc/raddb/mods-enabled/files is globally writable.
> Refusing to start due to insecure configuration.
> Errors reading or parsing /etc/raddb/radiusd.conf
> 
> Makes sense since it's insecure.
> 
> Hopefully there is enough information to pin point what's actually 
> going on.
> 
> Thanks,
> Jim
> 
> This message is intended only for the addressee and may contain 
> information that is company confidential or privileged. Any technical 
> data in this message may be exported only in accordance with the U.S.
> International Traffic in Arms Regulations (22 CFR Parts 120-130) or 
> the Export Administration Regulations (15 CFR Parts 730-774). 
> Unauthorized use is strictly prohibited and may be unlawful. If you 
> are not the intended recipient, or the person responsible for 
> delivering to the intended recipient, you should not read, copy, 
> disclose or otherwise use this message. If you have received this 
> email in error, please delete it, and advise the sender immediately.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
> 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
This message is intended only for the addressee and may contain information that is \
company confidential or privileged.  Any technical data in this message may be \
exported only in accordance with the U.S. International Traffic in Arms Regulations \
(22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts \
730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not \
the intended recipient, or the person responsible for delivering to the intended \
recipient, you should not read, copy, disclose or otherwise use this message. If you \
have received this email in error, please delete it, and advise the sender \
                immediately. 
-          

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]